Coder Social home page Coder Social logo

svmp-overseer's Introduction

SVMP Overseer

Serves as a central controller, login, and RESTful API server for SVMP. Includes a web console and an HTML5 web client.

Build Status

Setup

Prerequisites

Install Steps

  1. Download this project
  2. Within the root directory of this project, run these commands to install the project and download dependencies:
$ sudo npm install -g grunt-cli
$ sudo npm install -g bower
$ npm install

Quick Start

If you haven't used MongoDB yet, make sure it's running. Then, set your Node environment to production mode:

$ export NODE_ENV=production

On first run, the configuration file will be created. Run the server:

$ node server.js

Now, press Ctrl+C to close the server. Open the newly-generated ./config/config-local.js file and set your private settings here. Choose which cloud environment you will use and set the appropriate cloud configuration accordingly.

To set up TLS encryption with self-signed certificates:

  1. Modify the ./tls/*.cnf files to match your SVMP Overseer and SVMP Server information. Important: change the passwords from the defaults!

  2. Modify the ./tls/Makefile, change the SERVER_PASSPHRASE and OVERSEER_PASSPHRASE values to match your new passwords.

  3. Generate the self-signed certificates:

    $ make -C ./tls/

Run tests to make sure they pass:

$ grunt

Finally, start the server:

$ node server.js

Using a web browser, navigate to the root URL to access the web console (e.g. https://your-hostname:3000)

API

All requests with a URL prefix of /api and /services must contain a JSON Web Token (JWT) in the request header, in the form: svmp-authtoken : 'sometoken'

Requests to URLs with a /services prefix must have the role admin in the JWT. You can use Grunt to generate a services token. For more details, run the following command:

$ node create-token.js

User Clients

Login

POST /login

Request

{ username: 'un',
  password: 'pw'
}

Response

  • 200 OK - Body: 
    { sessionInfo: {
    token: 'token',
    maxLength: 36000
  },
  server: {
    host: 'svmp-server.example.com'
    port: 8002
  },
  webrtc: {...}
}

Token is a JWT that can be used to authenticate with an SVMP proxy server, with a payload that includes: javascript { sub: 'user._id', role: 'user|admin', exp: 'expiration time', jti: 'username-uuid' }

  • 400 Bad Request - Missing required field(s)
  • 401 Unauthorized - Bad username/password combination
  • 403 Forbidden - The user needs to change their password before proceeding
  • 500 Internal Server Error - Unable to complete request

Change Password

POST /changePassword

Request

{ password: 'hello',
  newPassword: 'thisismynewsecurepassword'
}

Response

  • 200 OK - Includes same body as /login response
  • 400 Bad Request - Missing required field(s)
  • 401 Unauthorized - Bad username/password combination
  • 500 Internal Server Error - Unable to complete request

Service - Users

Requests to URLs with a /services prefix must have the role admin in the authentication token. Requests to Services do not require a login. Clients must be pre-configured with proper authentication tokens. You can use Grunt to generate a services token. See grunt create-service-token

List Users

GET /services/users

Response

  • 200 OK - Body: { users: [{...}, {...}, ...] }
  • 401 Unauthorized - Bad token or insufficient permissions
  • 500 Internal Server Error - Unable to complete request

Add User

POST /services/user

Request

{ user: {
    username: 'un',
    password: 'pw',
    email: '[email protected]',
    device_type: 'device_1'
  }
}

Response

  • 200 OK - Empty body
  • 400 Bad Request - Missing required field(s)
  • 401 Unauthorized - Bad token or insufficient permissions
  • 500 Internal Server Error - Unable to complete request

Delete User

DELETE /services/user/:username

where :username is the actual user's name

Response

  • 200 OK - Empty body
  • 400 Bad Request - Missing required field(s)
  • 401 Unauthorized - Bad token or insufficient permissions
  • 404 Not Found - User does not exist
  • 500 Internal Server Error - Unable to complete request

Update User

PUT /services/user/:username

where :username is the actual user's name

Request

{ username: 'un',
  // Field(s) to update
  update: {'email': '[email protected]'}
}

Response

  • 200 OK - Empty body
  • 400 Bad Request - Missing required field(s)
  • 401 Unauthorized - Bad token or insufficient permissions
  • 404 Not Found - User does not exist
  • 500 Internal Server Error - Unable to complete request

Find User

GET /services/user/:username

where :username is the actual user's name

Response

  • 200 OK - Body: { user: {...} }
  • 400 Bad Request - Missing required field(s)
  • 401 Unauthorized - Bad token or insufficient permissions
  • 404 Not Found - User does not exist
  • 500 Internal Server Error - Unable to complete request

Service - VM Session Management

Create VM Session

POST services/vm-session

Request

{ username: 'un',
  expireAt: Date
}

Response

  • 200 OK - Empty body
  • 400 Bad Request - Missing required field(s)
  • 401 Unauthorized - Bad token or insufficient permissions
  • 500 Internal Server Error - Unable to complete request

Update VM Session

PUT services/vm-session

Request

{ username: 'un',
  lastAction: Date
}

Response

  • 200 OK - Empty body
  • 400 Bad Request - Missing required field(s)
  • 401 Unauthorized - Bad token or insufficient permissions
  • 500 Internal Server Error - Unable to complete request

Service - Cloud

Setup VM

Setup a VM for user. Usually done during login

GET /services/cloud/setupVm/:username

where :username is the actual user's name

Response

  • 200 OK - Body: { vm_ip: 'ip address', vm_port: 'port number of vm' }
  • 400 Bad Request - Missing required field(s)
  • 401 Unauthorized - Bad token or insufficient permissions
  • 500 Internal Server Error - Unable to complete request

List Device Types

GET /services/cloud/devices

Response

  • 200 OK - Body: { device_1: 'imageID', device_2: 'imageID', ... }
  • 401 Unauthorized - Bad token or insufficient permissions
  • 500 Internal Server Error - Unable to complete request

List Volumes

GET /services/cloud/volumes

Response

  • 200 OK - Body: { volumes: [...] }
  • 401 Unauthorized - Bad token or insufficient permissions
  • 500 Internal Server Error - Unable to complete request

Create Volume for User

POST /services/cloud/volume/create

Request

{ username: 'un' }

Response

  • 200 OK - Empty body
  • 400 Bad Request - Missing required field(s)
  • 401 Unauthorized - Bad token or insufficient permissions
  • 404 Not Found - User does not exist
  • 500 Internal Server Error - Unable to complete request

Assign Volume to User

POST /services/cloud/assignVolume

Request

{ username: 'un',
  volid: 'volume ID'
}

Response

  • 200 OK - Empty body
  • 400 Bad Request - Missing required field(s)
  • 401 Unauthorized - Bad token or insufficient permissions
  • 404 Not Found - User does not exist
  • 500 Internal Server Error - Unable to complete request

Create/Start VM for User

GET /services/cloud/setupVm/:username

where :username is the actual user's name

Response

  • 200 OK - Empty body
  • 400 Bad Request - Missing required field(s)
  • 401 Unauthorized - Bad token or insufficient permissions
  • 404 Not Found - User does not exist
  • 500 Internal Server Error - Unable to complete request

List Images and Flavors

GET /services/cloud/images

Response

  • 200 OK - Body: { flavors: [...], images: [...] }
  • 401 Unauthorized - Bad token or insufficient permissions
  • 500 Internal Server Error - Unable to complete request

License

Copyright (c) 2012-2014, The MITRE Corporation, All Rights Reserved.

Licensed under the Apache License, Version 2.0 (the "License"); you may not use this file except in compliance with the License.

Unless required by applicable law or agreed to in writing, software distributed under the License is distributed on an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the License for the specific language governing permissions and limitations under the License.

svmp-overseer's People

Contributors

davebryson avatar dkeppler avatar

Stargazers

avatar avatar avatar avatar avatar avatar avatar avatar

Watchers

avatar avatar avatar avatar avatar

Forkers

dkeppler apyles ianblenke coding4fun2012 aburmistrov marcus2004 soitun xusx1024 pks-os msgpo arunkumaruniqpro

svmp-overseer's Issues

Create admin account for myself.

As some background, I have svmp-overseer and svmp-server compiling and functional on an OpenStack sever. I also got svmp-web-console compiling, though I understand it is a deprecated version of svmp-overseer.

In svmp-web-console part of the setup was to create a default admin user and part of the screenshot you show is an admin account that can approve pending accounts. I tried grunt add-default-admin and grunt reports adding the user, but that user then cannot login to svmp-web-console.

Of course, I'm actually more interested in getting this same idea functioning on svmp-overseer. I didn't see any options for creating a similar admin account though and all user accounts show a pending account status. Perhaps this is just a matter of modifying a 'user' entry to an 'admin' entry in the mongodb somehow or is there an easier way? What are the account details needed to access mongodb if this is the best way to do so?

Eventually, I went through the code hacking admin access into every place I saw it referenced in the code, with the idea that after I gave myself admin access, I could approve the pending users and then remove that code. This did allow me to access the Pending Users screen, but no pending users are listed, even though I have plenty of pending user accounts that I created. If you have any tips on completing hacking the code in this way to grant myself some admin access, that would also do.

Thanks in advance for any help you can provide!

Unable to connect to VM (OpenStack)

2016-12-08T10:58:35.246Z - verbose: Calling overseer: services/vm-session for user 'suhas'
2016-12-08T10:58:35.266Z - verbose: Calling overseer: services/cloud/setupVm/suhas
2016-12-08T10:58:35.286Z - verbose: Connecting to VM 192.168.1.52...
2016-12-08T10:58:38.284Z - error: Error communicating with VM1 192.168.1.52: connect EHOSTUNREACH 192.168.1.52:8001
2016-12-08T10:58:38.285Z - info: Disconnecting user 'suhas' (::ffff:192.168.1.25:49795) from VM 192.168.1.52
2016-12-08T10:58:38.285Z - info: User 'suhas' (::ffff:192.168.1.25:49795) disconnected
2016-12-08T10:58:38.286Z - verbose: Calling overseer: services/vm-session for user 'suhas'
2016-12-08T10:58:38.290Z - debug: Connection to VM 192.168.1.52 closed
2016-12-08T10:58:38.301Z - verbose: vmSession for user 'suhas' updated successfully
2016-12-08T10:58:38.477Z - debug: clientSocket closed: (1000)

Bug with approving new users.

So, now that I have the admin account in the system, I decided to sign up some new users. I create them, then logout, then go to the Pending Users screen as the admin. On that screen I click the green "Approve" buttons.

When I do this, I see Password should be at least 8 characters for all users clicked on. The passwords for all these users are all 8 characters or more already though and follow the password conventions from signup.

Overseer error

Hello, thanks for providing this application, any help will be appreciated.

When trying to use the svmp-config for the first time , the overseer crashes:

]# svmp-config list
Using overseer URL: https://xxx.xxx.xx:3000

Proxy users:
Error code: 500, text: Internal Server Error

# node server.js --config config/config-local.yaml

2018-06-26T12:45:07.235Z - info: Loading config file: config/config-local.yaml
2018-06-26T12:45:07.763Z - info: Mongoose: connected to: mongodb://localhost/svmp_overseer_production_db
express-session deprecated undefined resave option; provide resave option lib/console/express.js:63:13
express-session deprecated undefined saveUninitialized option; provide saveUninitialized option lib/console/express.js:63:13
2018-06-26T12:45:08.387Z - info: SVMP REST API running on port 3000 with SSL
TypeError: Cannot read property 'sub' of undefined
at /software/svmp-overseer/lib/authentication.js:75:38
at Object.module.exports.verify (/software/svmp-overseer/node_modules/jsonwebtoken/index.js:39:12)
at Object.exports.checkAdminToken [as handle] (/software/svmp-overseer/lib/authentication.js:74:13)
at next_layer (/software/svmp-overseer/node_modules/express/lib/router/route.js:103:13)
at Route.dispatch (/software/svmp-overseer/node_modules/express/lib/router/route.js:107:5)
at /software/svmp-overseer/node_modules/express/lib/router/index.js:205:24
at Function.proto.process_params (/software/svmp-overseer/node_modules/express/lib/router/index.js:269:12)
at next (/software/svmp-overseer/node_modules/express/lib/router/index.js:199:19)
at next (/software/svmp-overseer/node_modules/express/lib/router/index.js:176:38)
at next (/software/svmp-overseer/node_modules/express/lib/router/index.js:176:38)
at Layer.handle (/software/svmp-overseer/app/routes/log.js:110:9)
at trim_prefix (/software/svmp-overseer/node_modules/express/lib/router/index.js:240:15)
at /software/svmp-overseer/node_modules/express/lib/router/index.js:208:9
at Function.proto.process_params (/software/svmp-overseer/node_modules/express/lib/router/index.js:269:12)
at next (/software/svmp-overseer/node_modules/express/lib/router/index.js:199:19)
at SendStream.error (/software/svmp-overseer/node_modules/express/node_modules/serve-static/index.js:86:37)
2018-06-26T12:45:37.546Z - info: 74.50.112.144 - - "GET /services/users" 500 "-"

I guess this is related to the authentication toket, but I haven't find where to configure the token in the overseer.

Thanks a lot.

Miguel

rror: timeout of 2000ms exceeded at Timeout.<anonymous> (/home/yuan/work/svmp/svmp-overseer/node_modules/grunt-mocha-test/node_modules/mocha/lib/runnable.js:139:19)

yuan@yuan:~/work/svmp/svmp-overseer$ npm test

[email protected] test /home/yuan/work/svmp/svmp-overseer
grunt --config test/config.yaml

Running "mochaTest:src" (mochaTest) task
2018-08-01T09:38:42.957Z - info: Loading config file: test/config.yaml
2018-08-01T09:38:43.229Z - info: Mongoose: connected to: mongodb://localhost/svmp_overseer_test_db
express-session deprecated undefined resave option; provide resave option lib/console/express.js:63:13
express-session deprecated undefined saveUninitialized option; provide saveUninitialized option lib/console/express.js:63:13
2018-08-01T09:38:43.478Z - info: SVMP REST API running on port 3000 with SSL

  1. "before all" hook

0 passing (2s)
1 failing

  1. "before all" hook:
    Error: timeout of 2000ms exceeded
    at Timeout. (/home/yuan/work/svmp/svmp-overseer/node_modules/grunt-mocha-test/node_modules/mocha/lib/runnable.js:139:19)
    at ontimeout (timers.js:498:11)
    at tryOnTimeout (timers.js:323:5)
    at Timer.listOnTimeout (timers.js:290:5)

Warning: Task "mochaTest:src" failed. Used --force, continuing.

Done, but with warnings.

Supported device types: Error: self signed certificate

Hi dkeppler,
when I run svmp-config devices I get this error "Error: self signed certificate" is that related to my CA_Certificate? the one that we created on my own...

No clue where to go from here! Could you please assist?

Thanks in advance!

Sirish K

Using floating IP connection to VM in Amazon EC2

Hi guys!

What do you think what we have to do to connect to virtual machine (or example on Amazon EC2) with floating (private) IP adress?
use_floating_ips: true
floating_ip_pool: "nova"

Am i right that those stuff didn't implement ?

Error running

Encountering issue when running the SVMP-Overseer. I am following this guide https://svmp.github.io/server-install.html

/home/ubuntu/svmp-overseer/node_modules/winston-transport/legacy.js:18
    throw new Error('Invalid transport, must be an object with a log method.');
    ^

Error: Invalid transport, must be an object with a log method.
    at new LegacyTransportStream (/home/ubuntu/svmp-overseer/node_modules/winston-transport/legacy.js:18:11)
    at DerivedLogger.add (/home/ubuntu/svmp-overseer/node_modules/winston/lib/winston/logger.js:345:11)
    at Object.winston.(anonymous function).args [as add] (/home/ubuntu/svmp-overseer/node_modules/winston/lib/winston.js:110:68)
    at Object.winston.beforeConfig (/home/ubuntu/svmp-overseer/lib/logger.js:29:13)
    at Object.svmp.init (/home/ubuntu/svmp-overseer/lib/svmp.js:43:17)
    at Object.<anonymous> (/home/ubuntu/svmp-overseer/server.js:31:6)
    at Module._compile (internal/modules/cjs/loader.js:701:30)
    at Object.Module._extensions..js (internal/modules/cjs/loader.js:712:10)
    at Module.load (internal/modules/cjs/loader.js:600:32)
    at tryModuleLoad (internal/modules/cjs/loader.js:539:12)

Recommend Projects

  • React photo React

    A declarative, efficient, and flexible JavaScript library for building user interfaces.

  • Vue.js photo Vue.js

    ๐Ÿ–– Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.

  • Typescript photo Typescript

    TypeScript is a superset of JavaScript that compiles to clean JavaScript output.

  • TensorFlow photo TensorFlow

    An Open Source Machine Learning Framework for Everyone

  • Django photo Django

    The Web framework for perfectionists with deadlines.

  • D3 photo D3

    Bring data to life with SVG, Canvas and HTML. ๐Ÿ“Š๐Ÿ“ˆ๐ŸŽ‰

Recommend Topics

  • javascript

    JavaScript (JS) is a lightweight interpreted programming language with first-class functions.

  • web

    Some thing interesting about web. New door for the world.

  • server

    A server is a program made to process requests and deliver data to clients.

  • Machine learning

    Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.

  • Game

    Some thing interesting about game, make everyone happy.

Recommend Org

  • Facebook photo Facebook

    We are working to build community through open source technology. NB: members must have two-factor auth.

  • Microsoft photo Microsoft

    Open source projects and samples from Microsoft.

  • Google photo Google

    Google โค๏ธ Open Source for everyone.

  • D3 photo D3

    Data-Driven Documents codes.